Discussion:
[PATCH] wolfssl: fix options and add support for wpa_supplicant features
(too old to reply)
Daniel Golle
2018-04-28 18:55:51 UTC
Permalink
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.

Signed-off-by: Daniel Golle <***@makrotopia.org>
---
package/libs/wolfssl/Config.in | 12 ++++++++++++
package/libs/wolfssl/Makefile | 33 ++++++++++++++++++++++++++++-----
2 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 7e8a4b6cee..9b88914516 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -32,10 +32,22 @@ config WOLFSSL_HAS_PSK
bool "Include PKS (Pre Share Key) support"
default n

+config WOLFSSL_HAS_SESSION_TICKET
+ bool "Include session ticket support"
+ default n
+
config WOLFSSL_HAS_DTLS
bool "Include DTLS support"
default n

+config WOLFSSL_HAS_OCSP
+ bool "Include OSCP support"
+ default n
+
+config WOLFSSL_HAS_WPAS
+ bool "Include wpa_supplicant support"
+ default n
+
config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 22519 support"
depends on WOLFSSL_HAS_ECC
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 1d4b7f5579..d0bd3b5a35 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

PKG_NAME:=wolfssl
PKG_VERSION:=3.12.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=https://www.wolfssl.com/
@@ -51,7 +51,9 @@ CONFIGURE_ARGS += \
--enable-opensslextra \
--enable-sni \
--enable-stunnel \
- --disable-examples
+ --disable-examples \
+ --disable-leanpsk \
+ --disable-leantls \

ifeq ($(CONFIG_IPV6),y)
CONFIGURE_ARGS += \
@@ -79,19 +81,25 @@ CONFIGURE_ARGS += \
--enable-supportedcurves
endif

-ifneq ($(CONFIG_WOLFSSL_HAS_DH),y)
+ifeq ($(CONFIG_WOLFSSL_HAS_DH),y)
CONFIGURE_ARGS += \
--enable-dh
endif

-ifeq ($(CONFIG_WOLFSSL_HAS_ARC4),n)
+ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y)
CONFIGURE_ARGS += \
--disable-arc4
+else
+CONFIGURE_ARGS += \
+ --enable-arc4
endif

-ifeq ($(CONFIG_WOLFSSL_HAS_DES3),y)
+ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y)
CONFIGURE_ARGS += \
--disable-des3
+else
+CONFIGURE_ARGS += \
+ --enable-des3
endif

ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
@@ -99,11 +107,26 @@ CONFIGURE_ARGS += \
--enable-psk
endif

+ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y)
+CONFIGURE_ARGS += \
+ --enable-session-ticket
+endif
+
ifeq ($(CONFIG_WOLFSSL_HAS_DTLS),y)
CONFIGURE_ARGS += \
--enable-dtls
endif

+ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
+CONFIGURE_ARGS += \
+ --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
+endif
+
+ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y)
+CONFIGURE_ARGS += \
+ --enable-wpas --enable-sha512 --enable-fortress --enable-fastmath
+endif
+
ifeq ($(CONFIG_WOLFSSL_HAS_ECC25519),y)
CONFIGURE_ARGS += \
--enable-curve25519
--
2.17.0
Alexandru Ardelean
2018-05-02 19:53:59 UTC
Permalink
Post by Daniel Golle
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.
Sorry for the late reply.
I wanted to take a look at the patch and check it a bit.
I noticed that your patch is applied now to master.

Overall this is good.
I've been wanting for a while to rework this.
Your approach is better right now before the release [than my rework].

Something like this:
https://github.com/commodo/openwrt/commit/d41ea4f342de7dbb02c9cfb0b19373c39ec24f81
I'll test it a bit more.

One more comment inline below.
Post by Daniel Golle
---
package/libs/wolfssl/Config.in | 12 ++++++++++++
package/libs/wolfssl/Makefile | 33 ++++++++++++++++++++++++++++-----
2 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 7e8a4b6cee..9b88914516 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -32,10 +32,22 @@ config WOLFSSL_HAS_PSK
bool "Include PKS (Pre Share Key) support"
default n
+config WOLFSSL_HAS_SESSION_TICKET
+ bool "Include session ticket support"
+ default n
+
config WOLFSSL_HAS_DTLS
bool "Include DTLS support"
default n
+config WOLFSSL_HAS_OCSP
+ bool "Include OSCP support"
+ default n
+
+config WOLFSSL_HAS_WPAS
+ bool "Include wpa_supplicant support"
+ default n
+
config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 22519 support"
depends on WOLFSSL_HAS_ECC
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 1d4b7f5579..d0bd3b5a35 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
PKG_VERSION:=3.12.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=https://www.wolfssl.com/
@@ -51,7 +51,9 @@ CONFIGURE_ARGS += \
--enable-opensslextra \
--enable-sni \
--enable-stunnel \
- --disable-examples
+ --disable-examples \
+ --disable-leanpsk \
+ --disable-leantls \
Nitpick: these are disabled by default.
No need to disable them here.
Post by Daniel Golle
ifeq ($(CONFIG_IPV6),y)
CONFIGURE_ARGS += \
@@ -79,19 +81,25 @@ CONFIGURE_ARGS += \
--enable-supportedcurves
endif
-ifneq ($(CONFIG_WOLFSSL_HAS_DH),y)
+ifeq ($(CONFIG_WOLFSSL_HAS_DH),y)
CONFIGURE_ARGS += \
--enable-dh
endif
-ifeq ($(CONFIG_WOLFSSL_HAS_ARC4),n)
+ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y)
CONFIGURE_ARGS += \
--disable-arc4
+else
+CONFIGURE_ARGS += \
+ --enable-arc4
endif
-ifeq ($(CONFIG_WOLFSSL_HAS_DES3),y)
+ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y)
CONFIGURE_ARGS += \
--disable-des3
+else
+CONFIGURE_ARGS += \
+ --enable-des3
endif
ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
@@ -99,11 +107,26 @@ CONFIGURE_ARGS += \
--enable-psk
endif
+ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y)
+CONFIGURE_ARGS += \
+ --enable-session-ticket
+endif
+
ifeq ($(CONFIG_WOLFSSL_HAS_DTLS),y)
CONFIGURE_ARGS += \
--enable-dtls
endif
+ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
+CONFIGURE_ARGS += \
+ --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
+endif
+
+ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y)
+CONFIGURE_ARGS += \
+ --enable-wpas --enable-sha512 --enable-fortress --enable-fastmath
+endif
+
ifeq ($(CONFIG_WOLFSSL_HAS_ECC25519),y)
CONFIGURE_ARGS += \
--enable-curve25519
Thanks for this patch :)
Alex
Post by Daniel Golle
--
2.17.0
Loading...